Kennethware 2.0 test deployment - error

Jump to solution
tatiana_peisl
Community Novice

We, at cehe.instructure (IU), trying to implement  USU-tools, also known as Kennethware2.0 and came across an error  that points at line 45 in TrivialOAuthDataStore.php. Also, to note we do have all HTTPS and no need to use http and associated to it encryption and etc..  Any advice is greatly appreciated as well as any source-code  updates.

Here is copy of ERR:

Strict Standards: Declaration of TrivialOAuthDataStore::new_request_token() should be
compatible with OAuthDataStore::new_request_token($consumer, $callback = NULL)
in/home4/iucdtcom/public_html/user/~tatiana/kennethware/wizard/resources/TrivialOAuthDataStore.php on line 45

------------------------------------------------------------------------------------------------------------

  1. T.Peisl
1 Solution

Thanks for asking for clarification.

Lets start with a quick vocabulary clarification:

OAuth Token
A string that is generate for a specific user so that a program can make changes to Canvas using the API on behalf of that user.
Canvas Developer Key
An ID and Secret that are associated with a developer and domain that can be used to request user OAuth tokens. You can get one of these by filling out the the Canvas Developer Key Request form.

An LTI tool can be created without using a Canvas Developer Key, however an LTI tool that does not use a Canvas Developer Key cannot request user OAuth tokens from Canvas.

Here is a description of the variables:

  • The $client_id and $clientSecret variables are NOT user credentials, they are Canvas Developer Credentials because the Wizard requests a token for each user so that the content it creates is created as the user and with that user's permissions. See the note below about an OAuth handshake.
  • The $lti_secret is used to verify that a request is coming from Canvas. When you set up an LTI tool in Canvas, one of the items you have to add is a secret. The secret you use when adding the tool to Canvas must match the $lti_secret variable or the tool will not load.
  • The $canvasDomain and $apiToken are no longer needed (I thought I had removed them). These variables were used for some API requests that were made from the JavaScript aspect of the tools in Canvas.

OAuth Handshake

In order to obtain an OAuth token for a user, the following takes place:

  1. The page is redirected to https://{usersinstance}.instructure.com/login/oauth2/auth to prompt the user with the option to authorize the tools. This request includes the $client_id variable (developer credential) and the url for where the requested information will be returned to (see controller.php line 57).
    Screen Shot 2015-07-30 at 10.21.33 AM.png
  2. When the user clicks "Log in". Canvas sends a code to the url that was sent in step 1 above. In the case of this particular tool, that is oauth2response.php.
  3. Once the program receives a code from Canvas indicating that the user agreed to grant access, that code and the developer credentials ($client_id and $clientSecret) are sent to https://{usersinstance}.instructure.com/login/oauth2/token to request an OAuth token (see oauth2response.php lines 10-14).
  4. Canvas validates the developer credentials and the code and returns an OAuth token (see oauth2response.php line 14).
  5. For Kennethware, that OAuth token is encrypted using the $pass and $salt strings and written to the database using the DB credentials (see oauth2response.php lines 26-37).

To address some of your other items:

  • Config is using OAuth.php and TrivialOAuthDataStore.php to verify credential from MySQL  DB.
    • False. The controller.php file checks the DB for user credentials. If there are no credentials it begins the OAuth handshake as described above.
  • What happened to those statically assigned variables?
    • Hopefully the OAuth handshake section above answered this part.
  • I failed to find where those credentials  are INSERT  into tools DB.
    • Those credentials are never inserted into the database, the are used to request the tokens that are inserted into the database.
  • Now, because there is nothing in DB  inserted, SELECT return no rows and request is moving further to TrivialOAuthDataStore.php to ask to issue "token" and >> because we have no Canvas Developer Key we got cut short.
    • This happens right off in controller.php if you do not have a Canvas Developer Key.
  • My impression was that is there is no Canvas Developer Key, at least the tool should work for explicitly defined users.
    • False. You cannot explicitly define users for this tool. Unless of course you can generate your own OAuth token, duplicate the encryption of your OAuth token and insert it manually into the database (see oauth2response.php lines 26-37).
  • We need to use only a single user credentials when no Canvas Developer Key is available. Does the tool has ability by passing  this situation?
    • If you do not have a Canvas Developer Key, these tools will not work without rewriting the code.

Let me know if there is anything else you need clarified

View solution in original post